Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Search the Community

Showing results for tags 'directory'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Product Groups

  • PRIV8
  • Advertising
  • Access Basic
  • Seller
  • Services

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

  1. Codef0rces 2.0’s directory - LeetC0de > Microsoft > A Way to Practice Competitive Programming > Adobe > Amazon > Apple > Array > C++ > DS & Algo > Expedia > Facebook > Math > Oracle > Twitter > Visa > VMware > Walmart* [Hidden Content]
  2. Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP) Looks for enabled normal user accounts. No Windows audit logs were generated. High-speed ~ up to 10K/sec – go beyond 25K/sec with multiple servers! Tries to autodetect DC from environment variables on domain joined machines or falls back to machine hostname FQDN DNS suffix Reads usernames to test from stdin (default) or file Outputs to stdout (default) or file Parallelized, multiple connections to multiple servers (defaults to 8 servers, 8 connections per server) Shows a progressbar if you’re using both input and output files Evasive maneuvers: Use –throttle 20 for a 20ms delay between each request (slows everything down to a crawl) Evasive maneuvers: Use –maxrequests 1000 to close the connection and reconnect after 1000 requests in each connection (try to avoid detection based on traffic volume) Changelog v1.1 64921bd: Fixed output for detected DNS domain (Lars Karlslund) 6ea0cd7: Fixed closing of output when exiting (Lars Karlslund) 61637bd: Added option to dump rootDSE attributes as JSON (Lars Karlslund) [hide][Hidden Content]]
  3. LDAP Nom Nom Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP) Looks for enabled normal user accounts. No Windows audit logs were generated. High-speed ~ up to 10K/sec – go beyond 25K/sec with multiple servers! Tries to autodetect DC from environment variables on domain joined machines or falls back to machine hostname FQDN DNS suffix Reads usernames to test from stdin (default) or file Outputs to stdout (default) or file Parallelized, multiple connections to multiple servers (defaults to 8 servers, 8 connections per server) Shows a progressbar if you’re using both input and output files Evasive maneuvers: Use –throttle 20 for a 20ms delay between each request (slows everything down to a crawl) Evasive maneuvers: Use –maxrequests 1000 to close the connection and reconnect after 1000 requests in each connection (try to avoid detection based on traffic volume) [hide][Hidden Content]]
  4. Description As a security professional, one of your most important jobs is to make sure that only authorized users have access to your system. Most often, this is achieved via credential-based access control, where credentials are stored in central directories like Microsoft Active Directory (AD). But are you really ready to handle an unexpected cyberattack? In this course, instructor Malcolm Shore gives you an overview of Active Directory, including how to enumerate it and validate its security with penetration testing. Explore the core concepts of penetration testing and why it’s so important for enterprise security management. Learn how AD interacts with identity providers and how you interact with it at the command line using LDAP protocol as well as through Powerpoint. Malcolm teaches you some key tricks and gives you examples of how to get the most out of your audits by understanding and utilizing spray attacks, hash extractions, impacket libraries, and brute force attacks. [hide][Hidden Content]]
  5. Link Directory Pro is an advanced and modern-looking directory script with rich SEO features where you can create your own Link Directory in minutes. [Hidden Content] [hide][Hidden Content]]
  6. Active Directory Pentesting With Kali Linux – Red Team Attacking and Hacking Active Directory With Kali Linux Full Course – Red Team Hacking Pentesting What you’ll learn How to Use Metasploit to Exploit Active Directory How to Use Empire to Exploit Active Directory How to Use Evil-WinRM to Exploit Active Directory How to Use CrackMapExec to Exploit Active Directory How to Exploit Active Directory From Windows How to Do Active Directory Enumeration How to do Lateral Movement Active Directory Post Exploitation Active Directory Domain Privilege Escalation Active Directory Persistence Attacks How to use Kali Linux to hack Active Directory How to use nmap to Enumerate Servers How to exploit EternalBlue Requirements How Active Directory Work Windows Server Experience Description Most enterprise networks today are managed using Windows Active Directory and it is imperative for a security professional to understand the threats to the Windows infrastructure. Active Directory Pretesting is designed to provide security professionals to understand, analyze and practice threats and attacks in a modern Active Directory environment. The course is beginner friendly and comes with a walkthrough videos course and all documents with all the commands executed in the videos. The course is based on our years of experience of breaking Windows and AD environments and research. When it comes to AD security, there is a large gap of knowledge which security professionals and administrators struggle to fill. Over the years, I have taken numerous world trainings on AD security and always found that there is a lack of quality material and specially, a lack of good walkthrough and explanation. The course simulate real world attack and defense scenarios and we start with a non-admin user account in the domain and we work our way up to enterprise admin. The focus is on exploiting the variety of overlooked domain features and not just software vulnerabilities. We cover topics like AD enumeration, tools to use, domain privilege escalation, domain persistence, Kerberos based attacks (Golden ticket, Silver ticket and more), ACL issues, SQL server trusts, and bypasses of defenses. Attacking and Hacking Active Directory With Kali Linux Full Course – Read Team Hacking Pentesting Who this course is for: Students who would love to become an Active Directory Pentesting Expert Students who would love to learn how to Attack Active Directory Students who would love a Job as a Red Team [Hidden Content] [hide][Hidden Content]]
  7. BloodyAD is an Active Directory Privilege Escalation Framework. This tool can perform specific LDAP/SAMR calls to a domain controller in order to perform AD privesc. It supports authentication using passwords, NTLM hashes, or Kerberos. How it works bloodyAD communicates with a DC using mainly the LDAP protocol in order to get information or add/modify/delete AD objects. A password cannot be updated with LDAP, it must be a secure connection that is LDAPS or SAMR. A DC doesn’t have LDAPS activated by default because it must be configured (with a certificate) so SAMR is used in those cases. [hide][Hidden Content]]
  8. SharpSpray SharpSpray is a Windows domain password spraying tool written in .NET C#. SharpSpray is a C# port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services. Features Can operate from inside and outside a domain context. Exclude domain disabled accounts from the spraying. Auto gathers domain users from the Active directory. Avoid potential lockouts by excluding accounts within one attempt of locking out. Avoid potential lockouts by auto-gathering domain lockout observation window settings. Compatible with Domain Fine-Grained Password policies. Custom LDAP filter for users, e.g. (description=admin) Delay in seconds between each authentication attempt. Jitter between each authentication attempt. Support a single password or a list of passwords. Single file Console Application. [hide][Hidden Content]]
  9. smartbrute The smart password spraying and bruteforcing tool for Active Directory Domain Services. [hide][Hidden Content]]
  10. Description ـــــــــــــــــــــــــ Most enterprise networks today are managed using Windows Active Directory and it is imperative for a security professional to understand the threats to the Windows infrastructure. Active Directory Pretesting is designed to provide security professionals to understand, analyze and practice threats and attacks in a modern Active Directory environment. The course is beginner friendly and comes with a walkthrough videos course and all documents with all the commands executed in the videos. The course is based on our years of experience of breaking Windows and AD environments and research. When it comes to AD security, there is a large gap of knowledge which security professionals and administrators struggle to fill. Over the years, I have taken numerous world trainings on AD security and always found that there is a lack of quality material and specially, a lack of good walkthrough and explanation. The course simulate real world attack and defense scenarios and we start with a non-admin user account in the domain and we work our way up to enterprise admin. The focus is on exploiting the variety of overlooked domain features and not just software vulnerabilities. We cover topics like AD enumeration, tools to use, domain privilege escalation, domain persistence, Kerberos based attacks (Golden ticket, Silver ticket and more), ACL issues, SQL server trusts, and bypasses of defenses. Attacking and Hacking Active Directory With Kali Linux Full Course - Read Team Hacking Pentesting What you’ll learn ـــــــــــــــــــــــــــــــــــــ How to Use Metasploit to Exploit Active Directory How to Use Empire to Exploit Active Directory How to Use Evil-WinRM to Exploit Active Directory How to Use CrackMapExec to Exploit Active Directory How to Exploit Active Directory From Windows How to Do Active Directory Enumeration How to do Lateral Movement Active Directory Post Exploitation Active Directory Domain Privilege Escalation Active Directory Persistence Attacks How to use Kali Linux to hack Active Directory How to use nmap to Enumerate Servers How to exploit EternalBlue Are there any course requirements or prerequisites? ـــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــ How Active Directory Work Windows Server Experience Who this course is for: ـــــــــــــــــــــــــــــــــــــــــــــــــ Students who would love to become an Active Directory Pentesting Expert Students who would love to learn how to Attack Active Directory Students who would love a Job as a Red Team Windows - Privilege Escalation and Local Enumeartion Cheat Sheet [hide] [Hidden Content]]
  11. This addon provides facebook live chat facility to Atlas Directory Listing business owners with their customers. Using this addon, business owners can give live chat option to their site visitors and potential customers. This increase sales of your products and services directly. [Hidden Content] [hide][Hidden Content]]
  12. OpenDoor OWASP is a console multifunctional websites scanner. This application finds all possible ways to login, index of/ directories, web shells, restricted access points, subdomains, hidden data, and large backups. The scanning is performed by the built-in dictionary and external dictionaries as well. Anonymity and speed are provided by means of using proxy servers. The software is written for informational purposes and is an open-source product under the GPL license. Implements multithreading control scan’s reports directories scanner subdomains scanner HTTP(S) (PORT) support Keep-alive long pooling HTTP(S)/SOCKS proxies dynamic request header custom wordlst’s prefixes custom wordlists, proxies, ignore lists debug levels (1-3) extensions filter custom reports directory custom config wizard (use random techniques) analyze techniques detect redirects detect index of/ Apache detect large files heuristic detect invalid web pages blank success page filter certify required pages randomization techniques random user-agent per request random proxy per request wordlists shuffling wordlists filters Changelog v4.0.1 – Python 2.6,2.7 is unsupported – Update directories.dat 36994 -> 37019 – [enhancement] [#PR-40]([Hidden Content]) added encoding to setup.py – [bugfix] [#PR-48]([Hidden Content]) Python 3.9 / 3.10 compatibility – [bugfix] [#PR-20]([Hidden Content]) No timeout setup in request – [enhancement] [#PR-36]([Hidden Content]) Feature Request: Show only found items [hide][Hidden Content]]
  13. BloodHound is a single page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4jdatabase fed by a PowerShell ingestor. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment. Changelog v4.0.2 This release comes with a whole heap of bugfixes. [hide][Hidden Content]]
  14. An Burpsuite extension to bypass the 403 restricted directories. By using PassiveScan (default enabled), each 403 requests will be automatically scanned by this extension, so just add to burpsuite and enjoy. Payloads: $1: HOSTNAME $2: PATH
  15. Links Directory is an application that provides your community with a member driven web directory. Allow members to submit websites for approval in categories you define. Users can comment and rate on other member’s submissions. You can also mark websites as official affiliates, fostering traffic between friends. Features Submit links to websites along with a title, description, and an image generated from extensible APIs available on internet, free and paid. You can also save the image locally, which will reduce the API call. Image is updated when you update the link. Admin can choose if new links are moderated, per category. Ability to charge per link, integrated to Commerce. Submit comments to links. Admin can choose if new comments are moderated, per category. Rate links using the star rating system used throughout the IPS4. Per category setting. Integrates to Share Links to share or email inks. Inregrates to Google Maps if and address is provided in the link submission (IPS 4.1.13+: Google Map APIs now requires an API key. Go to AdminCP -> System -> Community Enhancements to enable Google Maps support) Ability for users to report potentially offensive content or broken links using the built-in Report Center Search integration: search links along with the rest of your community’s content Supports item marking, allowing your users to see what links have been added or commented on Integrates into Activity Streams. Supports the built-in tagging system including prefixes. Support for notifications such as new links and comments on user links. Ability to follow/like categories and individual links. Unlimited categories of links, plus unlimited depth of parent-child relationships Category Icons Drag & drop reordering of categories in the ACP. Per-category permissions to show category, view links, submit links, add comments, and avoid approval queues Provide “link back” code so other websites can link back to yours. Mark links as official affiliates and display them in a different section on the Links Directory index Integrates into IPS4 Moderating system, which all commons permissions, such as pin, unpin, delete, feature, move, etc. Per-category Permissions allowing you to specify which permission sets are allowed to view category, view links, add links, edit links, comment, rate, and avoid moderation at a granular level. Robust Admin Restrictions. Integration with the Advertisements system Integration with Sitemap system to include links in your sitemap Ability to create RSS feeds of all links Integration with ACP Live Seach (Links categories) Support Extra Fields so you can define different fields per category Friendly URLs for links and categories Ability to configure the Links Index page to display the blocks you want And much, much more! [Hidden Content] [Hidden Content]
  16. AD Penetration Testing Lab The AD Pentesting tool (ADLab) is a tool created in PowerShell to quickly set up an Active directory lab for testing purposes. This tool can help set up a Domain controller and Workstation in a lab environment quickly and effectively. While the tool is specifically written to configure an Active Directory environment in a lab environment the tool can be easily stretched for a production environment as it’s released under MIT license. The process to manually configure a domain controller using GUI can be painful especially if you need to create and tear down the lab frequently. This single tool can not only configure a domain controller quickly but can also automate additional configuration such as creating shares, creating users, and configuring group policy objects for disabling Windows Defender which is something desirable especially in a lab environment. [hide][Hidden Content]]
  17. Powerful web directory fuzzer to locate existing and/or hidden files or directories. Similar to dirb or gobuster, but with a lot of mutation options. Features Proxy support Cookie support Basic Auth Digest Auth Retries (for slow servers) Persistent and non-persistent HTTP connection Request methods: GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS Custom HTTP header Mutate POST, PUT and PATCH payloads Mutate with different request methods Mutate with different HTTP headers Mutate with different file extensions Mutate with and without trailing slashes Enumerate GET parameter values [hide][Hidden Content]]
  18. ADCollector is a lightweight tool that enumerates the Active Directory environment to identify possible attack vectors. It will give you a basic understanding of the configuration/deployment of the environment as a starting point. Notes: ADCollector is not an alternative to the powerful PowerView, it just automates enumeration to quickly identify juicy information without thinking too much at the early Recon stage. Functions implemented in ADCollector are ideal for enumeration in a large Enterprise environment with lots of users/computers, without generating lots of traffic and taking a large amount of time. It only focuses on extracting useful attributes/properties/ACLs from the most valuable targets instead of enumerating all available attributes from all the user/computer objects in the domain. You will definitely need PowerView to do more detailed enumeration later. The aim of developing this tool is to help me learn more about Active Directory security in a different perspective as well as to figure out what’s behind the scenes of those PowerView functions. I just started learning .NET with C#, the code could be really terrible~ It uses S.DS namespace to retrieve domain/forest information from the domain controller(LDAP server). It also utilizes S.DS.P namespace for LDAP searching. Enumeration Current Domain/Forest information Domains in the current forest (with domain SIDs) Domain Controllers in the current domain [GC/RODC] (with ~~IP, OS Site and ~~Roles) Domain/Forest trusts as well as trusted domain objects[SID filtering status] Privileged users (currently in DA and EA group) Unconstrained delegation accounts (Excluding DCs) Constrained Delegation (S4U2Self, S4U2Proxy, Resources-based constrained delegation) MSSQL/Exchange/RDP/PS Remoting SPN accounts User accounts with SPN set & password does not expire account Confidential attributes () ASREQROAST (DontRequirePreAuth accounts) AdminSDHolder protected accounts Domain attributes (MAQ, minPwdLength, maxPwdAge lockoutThreshold, gpLink[group policies that linked to the current domain object]) LDAP basic info(supportedLDAPVersion, supportedSASLMechanisms, domain/forest/DC Functionality) Kerberos Policy Interesting ACLs on the domain object, resolving GUIDs (User-defined object in the future) Unusual DCSync Accounts Interesting ACLs on GPOs Interesting descriptions on user objects Sensitive & Not delegate account Group Policy Preference cpassword in SYSVOL/Cache Effective GPOs on the current user/computer Restricted groups Nested Group Membership Changelog v2.0 1. Complete Rewrite (more extensible) 2. Add Interactive Menu with command line choice 3. Use direct API call to enumerate Trust relationship 4. Update Applied GPO Enumeration with Security Filtering and WMI Filtering (WMIFilter needs to be checked manually) 5. Add LDAP DNS Record Enumeration 6. RunAs: Run ADCollector under another user context 7. Flexible SPN Scan, DNS Records, Nested Group Membership, ACL Enumeration 8. Add NetSessionEnum, NetLocalGroupGetMembers and NetWkstaUserEnum [hide][Hidden Content]]
  19. Crithit CritHit takes a single wordlist item and tests it one by one over a large collection of hosts before moving onto the next wordlist item. The intention of brute-forcing in this manner is to avoid low limit Web Application Firewall (WAF) bans and to allow brute forcing to run faster than it normally would when approaching any single host with multiple simultaneous requests. CritHit can perform multiple verifications of results using proxy lists, as well as filter out noise by baselining websites. Additionally, if looking for a specific item over a large number of websites (to cross-compare a vulnerability over more hosts) you can build and use –signatures to write only hosts containing specific data points to an output file. Best results can be sought from CritHit by using it as a quick “first pass” with a smaller (100 critical items) wordlist, a very large target list, and then deep-diving more directly with a project such as ffuf where results are found. [hide][Hidden Content]]
  20. This Metasploit module exploits a remote command execution vulnerability in Nostromo versions 1.9.6 and below. This issue is caused by a directory traversal in the function http_verify in nostromo nhttpd allowing an attacker to achieve remote code execution via a crafted HTTP request. View the full article
  21. WordPress Arforms plugin version 3.7.1 suffers from a directory traversal vulnerability. View the full article
  22. IcedTeaWeb suffers from multiple vulnerabilities including directory traversal and validation bypass issues that can lead to remote code execution. The affected versions are 1.7.2 and below, 1.8.2 and below. 1.6 is also vulnerable and not patched due to being EOL. Proof of concepts are provided. View the full article
  23. An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and the last modified date. View the full article
  24. An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information. View the full article
  25. GNU patch suffers from command injection and various other vulnerabilities when handling specially crafted patch files. View the full article
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.